Package: chromium
Version: 70.0.3538.110-1
Severity: important
I am not completely sure how to handle this issue: it is obviously not present
in Google Chrome, only in Chromium so upstream isssue tracker doesn't seem to be
the best fit. Also I'm not sure how the SafeBrowsing component is maintained in
_Chromium_. If you believe this should be somehow reported upstream please do it
or request me to (with some details as of how and what).
Anyway, Chromium SafeBrowsing seems not to work at all, despite that both
"SafeBrowsing" and "Help improve SB" is on.
Just go to this URL and see no warnings: https://www[.]xn--bbox-vw5a[.]com/login
(It is a phishing site for bibox.com with TLS domain padlock.)
The URL is detected by both FireFox and Google SafeBrowsing website.
I would say this is a pretty serious problem, considering the aforementioned
example of the phishing site WITH the padlock, where Average Joe have no real
chance to see the URL forgery.
-- System Information:
Debian Release: buster/sid
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8),
LANGUAGE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages chromium depends on:
ii chromium-common 70.0.3538.110-1
ii libasound2 1.1.6-1
ii libatk-bridge2.0-0 2.26.1-1
ii libatk1.0-0 2.28.1-1
ii libatomic1 8.2.0-7
ii libavcodec58 10:4.0.2-dmo1
ii libavformat5810:4.0.2-dmo1
ii libavutil56 10:4.0.2-dmo1
ii libc62.27-5
ii libcairo-gobject21.16.0-1
ii libcairo21.16.0-1
ii libcups2 2.2.8-5
ii libdbus-1-3 1.12.10-1
ii libdrm2 2.4.89-1
ii libevent-2.1-6 2.1.8-stable-4
ii libexpat12.2.5-3
ii libflac8 1.3.2-1
ii libfontconfig1 2.13.1-2
ii libfreetype6 2.8.1-0.1
ii libgcc1 1:8.2.0-7
ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6
ii libglib2.0-0 2.58.1-2
ii libgtk-3-0 3.22.30-1
ii libharfbuzz0b2.1.1-1+b1
ii libicu63 63.1-4
ii libjpeg62-turbo 1:1.5.2-2+b1
ii liblcms2-2 2.9-1
ii libminizip1 1.1-8+b1
ii libnspr4 2:4.16-1+b1
ii libnss3 2:3.34-1
ii libopenjp2-7 2.3.0-1
ii libopus0 1.3~beta+20180518-1
ii libpango-1.0-0 1.42.4-3
ii libpangocairo-1.0-0 1.42.4-3
ii libpci3 1:3.5.2-1
ii libpng16-16 1.6.34-1
ii libpulse012.0-1
ii libre2-4 20180301+dfsg-1
ii libsnappy1v5 1.1.7-1
ii libstdc++6 8.2.0-7
ii libvpx5 1.7.0-3
ii libwebp6 0.6.1-2
ii libwebpdemux20.6.1-2
ii libwebpmux3 0.6.1-2
ii libx11-6 2:1.6.5-1
ii libx11-xcb1 2:1.6.4-3
ii libxcb1 1.13-2
ii libxcomposite1 1:0.4.4-2
ii libxcursor1 1:1.1.15-1
ii libxdamage1 1:1.1.4-3
ii libxext6 2:1.3.3-1+b2
ii libxfixes3 1:5.0.3-1
ii libxi6 2:1.7.9-1
ii libxml2 2.9.4+dfsg1-6.1+b1
ii libxrandr2 2:1.5.1-1
ii libxrender1 1:0.9.10-1
ii libxslt1.1 1.1.29-5
ii libxss1 1:1.2.2-1+b2
ii libxtst6 2:1.2.3-1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages chromium recommends:
ii chromium-sandbox 70.0.3538.102-1
Versions of packages chromium suggests:
pn chromium-driver
pn chromium-l10n
pn chromium-shell
Versions of packages chromium-common depends on:
ii x11-utils 7.7+4
ii xdg-utils 1.1.2-1
Versions of packages chromium-common recommends:
ii chromium-sandbox 70.0.3538.102-1
ii dunst [notification-daemon] 1.2.0-2
ii fonts-liberation 1:1.07.4-8
ii libgl1-mesa-dri 17.3.1-1
pn libu2f-udev
ii notification-daemon 3.20.0-2
ii upower 0.99.7-1
ii xfce4-notifyd [notification-daemon] 0.4.2-1
Versions of packages chromium-sandbox depends on:
ii libatomic1 8.2.0-7
ii libc6 2.27-5
ii libgcc1 1:8.2.0-7
ii libstdc++6 8.2.0-7
-- no debconf information